After a chrome and passbolt extension update - browsing to my self-hosted passbolt server shows a blank page with 2 x the following errors in the chrome console.
Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-’), or a nonce (‘nonce-…’) is required to enable inline execution.
Passbolt CE 4.5.0
Passbolt Extension 4.5.0
OK - these errors are not an issue with the new extension, it may be due to new security measures in chrome.
The cause was other services (newrelic and cloudflare) inserting inline scripts into the html
However, having gotten rid of those errors, I am still faced with a blank browser page when trying to view passbolt or recover account etc.
We have that problem too. It started on 02/08/2024 at 2PM. Only the Chrome browser is affected. We have also updated to version 4.5.0, but the error remains. What options are there to solve the problem?
We have users reporting issues with passbolt browser extension, when running passbolt under a directory (e.g.
https://www.passbolt-domain.com/passbolt) the team is currently working on a hotfix.
Let us know if you issue is different by providing some additional information, such as the browser extension logs.
As Remy has announced, a solution is being finalized and is expected to be released today in the version 4.5.1 update of the browser extension.
Issue Overview This issue specifically affects instances operating within a subdirectory. It is limited to Chrome users only.
Temporary Solutions For those requiring immediate access to their passwords, two temporary solutions are available:
- Opt for Firefox or Edge browsers, as they are not affected by this problem.
- Or manually adjust the cookie settings:
- Navigate to your Passbolt instance URL using your browser.
- Access the Chrome developer tools through this link.
- Within the developer tools, select the ‘Application’ tab.
- From the left sidebar, click on ‘Cookies’ and then select your Passbolt URL.
- In the main panel, right-click on the cell for the ‘csrfToken’ path and choose ‘Edit path’.
- Eliminate the trailing slash from the path.
- Reload the page, you should be able to sign-in to passbolt
Thanks, your solution helps a lot.
The Chrome extension v4.5.1 was rolled out in production this morning and should solve this issue.
Well, unfortunately, I still am having this issue. I’ve confirmed I have version 4.5.2 Chrome extension.
My Chrome is Version 121.0.6167.161 (Official Build) (64-bit)
I go to my passbolt webpage. It asks for email. I then click on my extension to activate it. I enter my credentials into the extension popup. I click Login. The login button just spins forever AND the passbolt page just goes blank. Checking dev tools, nothing but 200s for everything that loads, but it’s still a blank page.
The URL for my passbolt is like “https://passbolt.subdomain.domain.tld”
Is there a place where this gets logged out to that I can check for error messages?
Well that was quick! MERCI Cedric for helping me fix my issue.
My fix was to go to the settings of the extension and make sure “Site Access” was set to “On all sites”. Previously it was just “On click”.